Chris Hecker <chec...@d6.com> writes:

> I just got burned by this on my own site, losing a forum post that took
> me a while to write. How hard would it be to fix this issue, it really
> sucks to lose the user's (read: my) data.

My long-term plan for WebAuth, which has the same problem for the same reasons, was to add a configuration setting for Apache that would check the remaining lifetime of the user's credentials against the setting value and force re-authentication if it was too low. Sites could then set that for the pages surrounding the context of the POST.

It's not a fix, since if someone lingers on the POST page for too long they would still lose, but it means that, say, a wiki could ensure that you have at least two hours of lifetime left in your authentication *before* you start editing a page. I suspect it would make much of the problem go away.

-- 
Russ Allbery (ea...@eyrie.org) <http://www.eyrie.org/~eagle/>

_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
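
A sketch of the lifetime check described in the message above, as an added example that is not code from WebAuth, Cosign or the original post. The path prefixes, the one-hour threshold and all function names are hypothetical; only the two-hour wiki case comes from the message.

```python
from dataclasses import dataclass

# Hypothetical policy: path prefix -> minimum remaining credential lifetime
# (seconds) required before serving a page that leads up to a POST.
MIN_REMAINING = {
    "/wiki/edit": 2 * 3600,    # the "at least two hours" wiki case from the message
    "/forum/compose": 3600,    # constructed value
}


@dataclass
class Request:
    method: str
    path: str


def required_lifetime(path, policy=MIN_REMAINING):
    """Longest matching prefix wins; 0 means no extra requirement."""
    matches = [p for p in policy
               if path == p or path.startswith(p.rstrip("/") + "/")]
    return policy[max(matches, key=len)] if matches else 0


def decide(req, cred_expires_at, now, policy=MIN_REMAINING):
    """Return 'allow', 'reauth', or 'reauth-post-data-lost'."""
    remaining = cred_expires_at - now
    if remaining <= 0:
        # Credential already expired: every request goes back to login.
        # For a POST this is the data-loss case the thread is about.
        return "reauth-post-data-lost" if req.method == "POST" else "reauth"
    if req.method in ("GET", "HEAD") and remaining < required_lifetime(req.path, policy):
        # Nothing has been typed yet, so forcing a fresh login is harmless
        # and buys a full credential lifetime for the edit that follows.
        return "reauth"
    # A POST with a still-valid credential is never interrupted, however
    # little lifetime is left.
    return "allow"
```

The last branch of `decide` is why the message calls this "not a fix": a user who lingers past expiry still reaches the `reauth-post-data-lost` case.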